While the popularity and adoption of Rust have been growing for some time, wider awareness of its cybersecurity merits is coming into a more global focus. Memory-safe languages like Rust are emerging as critical assets not only for organizations trying to prevent data corruption and null pointer dereferences but also for the United States government as it becomes increasingly concerned with encouraging proper information security measures.
Case in point: this month, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has added Rust to its list of “Safer Languages.” Let’s take a look at what this news means and why it’s a noteworthy development for both Rust and cybersecurity.
A Primer on NIST
Founded in 1901, the National Institute of Standards and Technology (NIST) is one of the oldest physical science labs in the United States.
While NIST was originally established by Congress to help maintain a competitive economy through standardization and measurement, today the institute is housed under the Department of Commerce and is focused on a wide range of scientific and technological areas, including cybersecurity. Their efforts include advocating for tools, solutions, and frameworks that can help reduce the risk of security threats and code vulnerabilities.
NIST’s “Safer Languages” List
One of NIST’s many initiatives is the Software Assurance Metrics And Tool Evaluation (SAMATE) project. This body is “dedicated to improving software assurance by developing methods to enable software tool evaluations, measuring the effectiveness of tools and techniques, and identifying gaps in tools and methods,” according to the NIST website.
The Safer Languages list is a function of SAMATE’s “classes of software security assurance functions.” In short, NIST recommends the usage of programming languages with built-in security features that are actively monitored and supported by maintainers.
Rust as a Key Cybersecurity Asset
In March 2023, NIST added Rust to its list of Safer Languages on the grounds of its ownership model, which “guarantees both memory safety and thread safety, at compile-time, without requiring a garbage collector.” NIST points out that Rust “allows users to write high-performance code while eliminating many bug classes,” and while Rust does have an “unsafe” mode, the institute explains that risk is mitigated through the narrow scope of actions allowed.
Shared Advocacy & Awareness Ahead
While the Rust community has long been aware of the language’s promotion of safer coding, the Rust Foundation is encouraged to see a large government body with global influence such as the U.S. Department of Commerce taking note of Rust’s cybersecurity merits. Rust is in a strong position to become even more key to performant and safe computer systems globally.